TIB Custom Storage


Question

After quite a bit of googling and some hints given here, I finally managed to find a layout of the FS segment (used by Windows to store TIB data). Of particular interest to me is the ArbitraryUserPointer member provided in the PSDK:

typedef struct _NT_TIB {
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union {
        PVOID FiberData;
        DWORD Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;
} NT_TIB;

How safe exactly is it to use this variable (under Vista and above)? and does it still exist on x64?

Secondary to that is the access of this variable. I'm using MSVC, and as such I have access to the __readfsdword & __readgsqword intrinsics, however, MSDN for some reason marks these as privileged instructions:

These intrinsics are only available in kernel mode, and the routines are only available as intrinsics.

They are of course not kernel only, but why are they marked as such, just incorrect documentation? (my offline VS 2008 docs don't have this clause).

Finally, is it safe to access ArbitraryUserPointer directly via a single __readfsdword(0x14) or is it preferred to use it via the linear TIB address? (which will still require a read from FS).

Recommended answer

ArbitraryUserPointer is an internal field not for general use. The operating system uses it internally, and if you overwrite it, you will corrupt stuff. I concede that it has a very poor name.
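The two read paths the question asks about (a fixed segment offset versus going through the Self linear address) can be compared on a portable model of the quoted NT_TIB layout. This is an added example, not code from the original post or from Microsoft: the TIB32_MODEL/TIB64_MODEL types and helper names are hypothetical, the "TIB" is a constructed buffer rather than the real thread block, and nothing is written to a real ArbitraryUserPointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors of the NT_TIB struct quoted in the question. Pointer fields are
   replaced by fixed-width integers so both layouts compile on any host. */
typedef struct {
    uint32_t ExceptionList, StackBase, StackLimit, SubSystemTib;
    uint32_t FiberData;               /* union { FiberData; Version; } */
    uint32_t ArbitraryUserPointer;
    uint32_t Self;
} TIB32_MODEL;

typedef struct {
    uint64_t ExceptionList, StackBase, StackLimit, SubSystemTib;
    uint64_t FiberData;               /* the union is pointer-sized on x64 */
    uint64_t ArbitraryUserPointer;
    uint64_t Self;
} TIB64_MODEL;

size_t aup_offset32(void)  { return offsetof(TIB32_MODEL, ArbitraryUserPointer); }
size_t aup_offset64(void)  { return offsetof(TIB64_MODEL, ArbitraryUserPointer); }
size_t self_offset32(void) { return offsetof(TIB32_MODEL, Self); }
size_t self_offset64(void) { return offsetof(TIB64_MODEL, Self); }

/* Path 1: one read at a fixed offset from the segment base, which is what
   __readfsdword(off) / __readgsqword(off) do relative to FS / GS. */
uint64_t read_at_offset(const void *seg_base, size_t off) {
    uint64_t v;
    memcpy(&v, (const unsigned char *)seg_base + off, sizeof v);
    return v;
}

/* Path 2: read Self to get the linear TIB address, then use the field. */
uint64_t read_via_self(const void *seg_base) {
    uint64_t self = read_at_offset(seg_base, self_offset64());
    return ((const TIB64_MODEL *)(uintptr_t)self)->ArbitraryUserPointer;
}

/* Constructed sample: a fake x64 TIB whose Self points at itself.
   Returns 1 when both paths yield the marker stored in the field. */
int paths_agree(uint64_t marker) {
    TIB64_MODEL fake;
    memset(&fake, 0, sizeof fake);
    fake.ArbitraryUserPointer = marker;
    fake.Self = (uint64_t)(uintptr_t)&fake;
    return read_at_offset(&fake, aup_offset64()) == marker
        && read_via_self(&fake) == marker;
}

int main(void) {
    printf("x86: AUP at 0x%zx, Self at 0x%zx\n", aup_offset32(), self_offset32());
    printf("x64: AUP at 0x%zx, Self at 0x%zx\n", aup_offset64(), self_offset64());
    printf("paths agree: %d\n", paths_agree(0x1122334455667788ULL));
    return 0;
}
```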
